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==Phnack Inc.== 

Volume 0x0e, Issue 0x44, Phile #0x13 of 0x13 

=[ International scenes ]= 

= [ By various ]= 

= [ <various@nsa.gov> ]= 



In this issue we are glad to have an amazing scene phile about Korea. You 
may find that it is a bit different from the usual scene philes, but the 
content will reward you. The author gives us information that is hard to 
come by and insight that illuminates widely believed misconceptions about 
Korea. We also have the second part of the Greek scene phile that covers 
interesting stories from that country's past. We know that Greece goes 
through tough times and we hope it will make people reflect on the 
situation there. 

Trying to define what 'a scene' is, it's not unlike trying to define what 
'the Underground' is. Perhaps it is that fleeting moment where you feel a 
connection with something. A connection that transcends physical 
limitations and relies only on interest and passion for, well, for anything 
really. 

The definition of the word 'scene' has changed quite a lot. Some years ago 
the word 'scene' had a geographical connotation. That's clearly no longer 
the case. Scenes are becoming increasingly, and thankfully, untethered from 
physical boundaries. That's not really something new, but it has changed 
the way most scenes are organized and operate. 

Given that physical boundaries no longer are the central defining factor of 
scenes, should Phrack continue to publish scene philes of specific 
countries? Maybe the next logical step is to focus on scenes that are 
defined by field, topic or interest. Maybe Phrack 's 'International Scenes' 
section should be changed to simply 'Scenes' and present overviews of less 
known sub-scenes or communities built around specific interests. 

Gentle reader, what are your thoughts? 



-- The Phrack Staff 
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--[ 1 - Introduction 

The Korean Peninsula has been divided into two countries for more than 
sixty years. With the ideological dispute of left and right wings that must 
have been one of the biggest reasons, the political, economic, geographic, 
and military factors also played an important role here. It is true that 
this division system may be affected by the political, economic, and 
military purpose of the two Koreas, neighboring countries, and their 
allies. 

This situation has caused many tragedies to the people of two Koreas, and 
has made a various types of tension factors like forcing North Korea to 
develop nuclear weapons to keep her system in the changing flow of the 
world. Unlike the past whose main element of conflicts came from 
ideological one, some large movements trying to maintain their interests 
dominate the situation of the peninsula. 

Over the past decade, the tension between South Korea and North Korea has 
been alleviated thanks to the Sunshine Policy during the regime of two 
progressive governments. However, after the present ruling party 
representing conservative value took over the regime again, the tension 
relationship began once again and there were some physical conflicts. It 
will be almost impossible to get over this situation only with the 
intention and endeavor of two Koreas, because there are so many 
stakeholders . 

This article will mainly focus on the internet and cyber capabilities of 
North Korea which seem to be not widely known to people, and some attacks 
against South Korea. So, this will make some differences from the 
traditional Phrack scenes. But I think the differences don't come from 
contents but form. 



--[ 2 - Internet of North Korea 

It is said that the internet of North Korea was introduced in the early 
1990s. Mainly because of internal political reasons, the internet has been 
maintained in the form of intranet. 

In January 1997, North Korea opened the first web site of hers, kcna.co.jp 
in Japan and opened dprkorea.com which was for business in February 1999. 
And then NK opened the web site, silibank.com for international e-mail 
relay. Interestingly, whois lookup will show you that the e-mail account of 
Technical Contact of this domain is gmail. It is known to gain access to 
this e-mail relay system is blocked in South Korea. The service is 
available only to foreigners who joined the paid membership, and people and 
companies of NK registered in the system. [1] The e-mail exchange with 
foreigners are allowed but it is said NK authorities check the contents, so 
the privacy of information will not be guaranteed. 

The internet access from inside of NK to outside is very limited, but the 
intranet connection built inside of NK is active. In October 2002, the 
building of intranet network which allows connection from all areas of NK 
was completed. It is called ' Kwangmyoung' and started as a research system 
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of scientific knowledge materials. It is known that the access to outside 
using this intranet system is impossible. 

However, DPS(Department of Postal Service, 'Chesinseong' in Korean) of NK 
hires and manages internet access lines in Beijing of China for their use. 
It is possible to connect to outside through this internet line. But it is 
not freely available to all NK people. There are some people who guess 
there are special lines dedicated only to Communist Party and its army in 
addition to this line. But any proven materials or information through the 
technical identification has not been publicly offered yet. 

NK has been expanding her commercial web sites for the sake of economic 
interests and system propaganda, and most of them use servers located in 
foreign countries. It seems that the web sites opened in the early 2000s 
have been changed and even disappeared. This may be because NK got a 
permission for her to use her national domain 'kp' from ICANN (Internet 
Corporation for Assigned Names and Numbers) on September 11, 2007. NK has 
been opening additional web sites by using kp and will add more. KCC(Korea 
Computer Center) was chosen as a NK internet address management authority. 
It seems that NK will open her internet system to the world when she 
establishes security system and policy by herself, and can control the 
internet use of people. 

The access to the NK web sites for system propaganda like naenara.com.kp 
and star.edu. kp is not permitted in South Korea but it is possible for us 
to gain access by using Tor and proxy servers. Some of web sites operated 
directly in NK were known in the past, but they were accessible through not 
domain address system but IP address. However, it is not sure they are 
operated now or they are accessible only from specific regions. 

NK also makes use of SNS services like twitter(@uriminzok) mainly for 
propagating her system, giving news about NK, and criticizing South Korea. 



--[ 3 - Cyber Capabilities of North Korea 

It was the magazine "Shindonga" (November 2005) and '2005 Defense 
Information Security Conference 1 that introduced cyber capabilities of NK. 

A related news article about the conference contains the following part, 

"The capability of NK hackers is similar to CIA’s. "[2] But the main parts 
of this article were introduced without objective data, so they were not 
supposed to be reliable facts. 

NK Intellectual Solidarity which consists of NK defectors having a 
right-wing inclination insists that the scale of NK cyber hacker troop has 
been on the increase to the level of 3,000 people. [3] But this is not 
confirmed by objective data, so the confidence level is very low. 

DigitalTimes cited American experts, "NK cultivates more than 100 hackers 
centering around Pyongyang Automation University(Mirim University in the 
past) every year, and they have capabilities to hack Pacific Command and 
U.S. mainland computer systems. "[4] We can easily think that the world is 
connected with internet, so the physical distance between U.S. and NK is 
not an obstacle at all. If the computer systems of U.S. are not so secure, 
even novice hackers can compromise them. 

In the web site of Nosotek which is "the first western IT venture in NK", 
we can find the following expression, "software engineers are selected from 
the mathematics elite and learn programming from the ground-up, such as 
assembler to C#, but also Linux kernel and Visual Basic macros". [5] From 
this, we can see indirectly there are outstanding programmers who have 
talents to be hackers. 
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In the case of Kim Il-Sung University, students have to take the courses of 
high mathematics and programming regardless of their majors. The university 
developed the following software: Intelligent Locker(Hard Disc protection 
program), Worluf Anti-virus(anti-virus program), SIMNA( simulation and 
system analysis program), FC 2.0(C++ program development tool). From this, 
we can know that NK also conducts hacking and security research.[6] 

It seems quite natural that we can easily judge there are hacker troops in 
NK in this kind of network age. NK may cultivate hackers for her defense. 
But we don't have to overstate or underestimate the capabilities of NK. We 
should be objective more thoroughly when data is not enough for correct 
judgment. Rational and reasonable policy making and practice come from 
objective data and judgement based on it. 

NK should also remember that her web sites, servers, and network can be 
compromised, propagate malicious codes, and be used as intermediates. The 
more NK opens, the more she will be attacked. The attackers will be an 
organization or a country for the sake of its political and military 
purposes, hacker group for hacktivism, and script kiddies for fun. 



--[ 4 - Attacks against South Korea 

There were two big attacks against South Korea. One is 7.7 DDoS attack(at 
first, this attack started against U.S. on Duly 4, 2009, but led to the 
attack against South Korea on Duly 7, so we call this '7.7 DDoS' attack in 
Korea.). The other is 3.4 DDoS attack on March 4, 2011. 

--[ 4.1 - 7.7 DDoS attack 

The first attack of 7.7 DDoS began on Duly 4, 2009(Independence Day of 
U.S.) and lasted for two days. The targets of this attack were 26 important 
web sites of U.S. including Amazon, FAA, NASDAQ, NSA, White House. But from 
the second attack(Duly 7 to 8), 13 web sites of Korea were added to the 
target list. Administration, congress, portal, media, financial 
institutions were included in the list. At this time, Chinese hackers were 
suspected to be attackers. 

From the third attack(Duly 8 to 9), there were some changes in the target 
list, and the existing zombie PCs were not used any more. It seems that the 
existing zombie PCs were blocked and could be no longer available for the 
next attack. One of the interesting things is that there were some 
government organizations which establish measures to defend against attacks 
and security companies, major portal sites giving e-mail services in the 
target list. From this time, NK was suspected to have done the attack. At 
least, some of South Korea's conservatives wished to believe this for their 
political profits. 

The final attack(Duly 10) ended destroying data of zombie PCs which were 
infected with malicious code for attacks. However, the attacker was not 
identified. C&C(Command & Control) servers from numerous countries were 
used for the attack. At that time. South Korea was not prepared for this 
kind of big attack. Thus, South Korea couldn't avoid a confusion from the 
attack for three days. 

As a result, this attack made South Korea establish various policies of 
preparedness against DDoS attack. Some hackers of South Korea designed ways 
to cure zombie PCs using C&C servers of attackers as well as some ways of 
counterattack. 

--[ 4.2 - 3.4 DDoS Attack 

Almost two years after 7.7 DDoS attack, a similar attack occurred at 10:00 
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in the morning on March 4, 2011. Like 7.7 DDoS attack, it contained 
political intentions. But the techniques of attack were more advanced. The 
targets were mainly the web sites of major national inf rastructures of 
South Korea. The web sites of legislative., judicial, administrative, 
military, diplomatic, financial organizations, and intelligence agencies, 
police, portal, transportation, power system were included. 

The attacker used HTTP GET Flooding, UDP Flooding, ICMP Flooding, and more 
than 80% was HTTP GET Flooding. And more than 110,000 zombie PCs and 700 
C&C servers from 72 countries were used for attack. [7] The attacker used 
P2P web sites to spread malicious codes. 

After the attacker realized that his attack had been detected(the P2P web 
sites were known and blocked) through the countermeasure, he added new 
commands to the malicious codes. This is a different part from the past 
attack. When new attacks started, the configuration of malicious code was 
changed, and new files were added. Security experts faced new challenges 
and needed more time to analyze them. The ending time of attacks was not 
specified clearly in the configuration file. And the host file of system 
was modified to prevent the update of anti-virus programs. And encryption 
techniques were used to disturb analysis. 

However, new defense systems which had been established since 7.7 DDoS 
attack were applied and despite more advanced techniques of attack, the 
damage decreased. One day before the attack, ASD(AhnLab Smart Defense) 
system collected malicious codes which would be used for attack and 
analyzed the code. Through this analysis, the exact time and targets of 
attack came to be known, and more effective response was possible. 

South Korea has already established some important response systems since 
7.7 DDoS attack. The typical examples are ASD of AhnLab and DDoS Shield of 
KISA. As I said, ASD system can detect attack before it occurs by 
collecting malicious codes and analyzing them. DDoS Shield system detects 
attacking traffics and relays normal traffics to their destinations and 
throws away abnormal attacking traffics through DNS record modification. Of 
course, the cooperation system of various related organizations and 
security companies was established elaborately. In this respect, these two 
attacks made South Korea build new defense systems and brought the 
development of the security industry. 

This attack was so political but the attacker didn't reveal his exact base 
intentions. But it is clear that the attacker wanted to test his techniques 
of attack and judge the response capabilities of South Korea. The attacker 
might realize what kinds of things he needs for his next successful attack. 
Maybe, we can judge the real capabilities of the attacker through the next 
attack. 



--[ 5 - Who are attackers? 

One of the questions which people are curious about is "who are 
attackers?". This is an important question related with political and 
military purposes. In conclusion, the judgement through the technical 
analysis about the question, 'who are attackers?' has not been disclosed to 
the public. In a nutshell, the attacker may be a guy, a group, an 
organization, or a country that holds its ground against opponents and so 
has an obvious justification to attack or wants to seize the hegemony of 
internet world. 

For whom are not interested in this kind of general and abstract 
conclusion, following judgements and the grounds can be given. This is 
based on a simple presumption, so you'd better not take it too seriously. 
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The first ground of presumption that NK could be a probable attacker is 
GNP(Grand National Party) and Chosun Ilbo were included in the attack 
target list. GNP is the ruling party of South Korea and its philosophical 
background is based on conservatism, and it is hostile to NK from a 
political standpoint. Chosun Ilbo is also a leading conservative media and 
has a hostile point of argument to NK. The contention of Chosun Ilbo has 
not always been rational and showed us it may manipulate public opinion for 
its profit. Of course., people of progressive idea are not always friendly 
to NK without any condition. The fact that these two targets which can be 
hostile to NK for their political reasons are included in the list makes us 
guess the attack might be conducted by NK. This judgement came from the 
special situation of the Korean Peninsula. 

The target list of 3.4 DDoS attack contains a particular web site. It is 
Dcinside, a common community web site. If the attack had been for political 
purpose, the web site would have had no reason to be in the list. By the 
way, on January 5, 2011, some posts to blame for NK's leaders were 
registered in one of NK web site, uriminzokiri.com which the Committee for 
the Peaceful Reunification of the Fatherland manages to propagate NK's 
political system. On January 8, 2011, the twitter account of NK(@uriminzok) 
was compromised and attackers posted some critical comments about NK and 
the leader Kim Jeong-il, Kim Jeong-eun. Some members of Dcinside insisted 
they did. After two months later, Dcinside was in the list of target. This 
is the second ground of presumption. 

Police of South Korea presumed the attack of NK because the source IPs of 
attack might have been DPS's which DPS of NK hires in China. But one police 
concerned told a press, "It is difficult to make clear the exact entity 
about the main body of this DDoS attack. "[8] This shows us that the 
judgement of police might not be clear. To ensure a clear evidence, police 
told the press they would do a cooperative investigation with China police, 
but the results of any cooperative investigation has not been released yet. 
Because only small number of people possess some sensitive information, 
various conspiracies seem to appear. 

Some people who think the attack didn't come from NK suggest the 
followings: if NK had a perfect attack plan and was not an idiot, they 
would not revealed the IP addresses she hired in China with causing 
political problems. On the contrary, the third force who is familiar with 
the tension of two Koreas and want to use this situation for its profit 
rather conducted the attack. 

A lot of detailed technical analysis has been published many times in korea 
since the two attacks. In the technical documentations and presentations, 
the experts of South Korea didn't specify the source of the attacks because 
they are afraid of arbitrary interpretation by some people. South Korea is 
a divided country and any information can be interpreted arbitrarily by 
some people depending on their political or ideological purposes. In the 
white paper, "Ten Days of Rain" of McAfee, we can find this part, "This may 
have been a test of South Korea's preparedness to mitigate cyber attacks, 
possibly by North Korea or their sympathizers. " [9] This has been quoted 
mainly by some conservative organizations and medias for their political 
purposes to confirm the attack of NK. 



--[ 6 - Some prospects 

Some phenomena(for example, making zombie PCs regularly) of the preparation 
for a powerful DDoS attack has been detected. I am not sure this is the 
extension of the past and conducted by the past attackers. However, if a 
new attack occurs, the attacker will test new techniques and South Korea 
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will inspect hen defense systems. Of course. South Korea will also be able 
to have a chance to establish a new defense system and more advanced attack 
techniques . 

South Korea has carried out more than material preparations through the 
various forms of cyber attacks. This is because South Korea government and 
companies realized the importance of hackers' help. This started from 
getting over the wrong awareness about hackers in the past. However, when 
they looked for good hackers who could help them, they realized that there 
were not so many hackers as they wanted. So, the need of running programs 
that can foster good hackers has begun to rise. 

About ten years ago, the hackers of South Korea organized communities and 
hacking teams by themselves, and proceeded various researches and 
discussions. At that time, they had strong desire for knowledge and pure 
research, and their findings were shared freely with little thought of 
money. And they didn't use their knowledge for the purpose of financial 
crime. But the government and companies considered hackers as criminals. 
Sometimes, police tried to arrest hackers for their own profits and blocked 
their activities. In this kind of oppressive situation, hacker had to stop 
their growth momentarily. Consequently, this led to the retreat of cyber 
defense capabilities of South Korea. Hackers can't post an exploit code in 
a web site. Because the related law defines 'hacking' too comprehensively, 
so it is still illegal to post an exploit code in an open web site in South 
Korea. 

Watching various cyber attacks for the purpose of political and financial 
reasons around the world, the government and companies of South Korea 
realized that bringing up hackers is closely linked to the defense of 
country and profits of companies. So, they run some hacking contests to 
find good hackers and support some hacking and security clubs of 
universities. These kinds of action are still not so well formed to the 
level of systematically perfect process, but these fostering programs are 
expected to be proceeded in more concrete shape through various cyber 
attacks . 

Of course, the hackers of South Korea have tried to prove the value of 
their existence and to grow up by themselves without any help of government 
and companies. For instance, they have participated in the finals of DefCon 
CTF since 2006. In 2006, 'East Sea '(This refers to the territory of Korea) 
team went to the final of DefCon CTF and this was the first time for a 
foreign team to take part in it. And this led to the organization of one 
team for DefCon CTF which consisted of some members of leading hacking 
teams of South Korea. This was helpful to correct the wrong awareness of 
media about hackers. And some hacking and security conferences have been 
held every year by hackers. Even some hackers take part in the penetration 
test projects for government. The hackers of South Korea now prove their 
contribution and existence value through these activities. 

There will be two important elections, a general election and a 
presidential election in South Korea next year. And some political attacks 
can be expected regardless of the types of attack. If some large-scale 
attacks occur again next year, some people will likely assert it as a 
conduct of NK even if it is not by NK. Some politicians of two Koreas fell 
under suspicion of bringing unrest on the peninsula intentionally to 
achieve their political goals at the time-sensitive period. 

We can easily anticipate various forms of attack to occur continuously if 
the division state of two Koreas remains, and new strains occur, or if 
someone or country needs them for profit. Currently, one of the best 
solutions for this problem is to relieve the political tensions through the 
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promotion of common interests of surrounding countries of the Korean 
Peninsula and to achieve the cooperation relationship. The stability of the 
Korean Peninsula can contribute to the peace of the world as well as East 
Asia owing to the close connection of countries. 
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What's past is prologue 

anonymous underground greek collective - anonymous_gr@phrack.org 



[ Introduction 

First things first. This is the second part of the previous scene phile on 
the Greek underground scene [GRS]. Although the primary authors are the 
same as the first part, this time many people contributed information, 
stories, facts and even whole paragraphs of text. We were positively 
surprised by the response and the attitude of the community that decided to 
help us in order to make this second part better. Hence the new authorship 
details. Also, the email alias from above is now forwarded to the people 
that helped. 



The truth is that we had a great time receiving irrelevant flames by 
people who didn't even read the first two paragraphs of our previous scene 
phile. In a struggle to avoid future unfortunate comments, we would like 
to stress the fact that we are not capable of talking about every aspect 
of the Greek scene in just a few paragraphs. In fact, space is not the 
only problem. Privacy is a fundamental characteristic of all scenes. There 
are people who don't want to publish or openly talk about their actions, 
and there are certain stories/facts that we are not aware of. That said, 
we believe that the following text covers, not all, but a fair amount 
of the history of the Greek scene. If you don't comprehend the previous 
sentences, then maybe you should try reading something else. Or maybe 
try writing/producing something yourself, huh? How about that? 



We would also like to remind you that we will once again 
from referring to particular nicknames/handles. We will, 
macroscopic view of our scene's past glory. Btw, you may 
cities other than Athens. That's a byproduct of the fact 
people that provided information are not from Athens. 



try to refrain 
instead, give a 
notice a focus on 
that most of the 
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[ Dawn of time 

At the dawn of time there were BBSes. And FidoNet. 

The very first BBS in Greece., named .ARGOS system, started operating in 
late 1984. It was a non-networked BBS, mostly built around a message 
bulletin board. It was arguably the first online community in Greece. 
Another early BBS was AcroBase established in 1988 [ACR]. The next major 
event was in 1989 when the first FidoNet nodes in the city of Thessaloniki 
became active. They connected the Greek BBS community to the world by 
FidoNet mail and several local and global echomail (usenet news-like) 
areas. In 1992 Compupress [CPS], a very creative and innovative (for 
Greek standards ;) publishing company, very famous among Greek computer 
users, launched its BBS, codenamed "Compulink". 1994 most people agree that 
it was the "Golden Era" of Greek BBSing. There were around 100 FidoNet 
nodes in most urban and rural areas of Greece. The "Twilight Zone" BBS was 
offering public access to a selected choice of Usenet groups and public 
access to Internet email through a UUCP-to-FidoNet gateway. Several 
regional and some international FidoNet-technology networks other than 
FidoNET connected most of the amateur computer community in Greece at that 
time. In Thessaloniki there were weekly FidoNet meetings every Friday, 
forming the first stable, most widespread and long-lived (till today!) 

Greek amateur computer society. There were meetings hosting over 30 to 40 
people, in times when Computing and Information Technology were terms 
almost unheard of in Greece. In 1996, the FidoNet nodelist count drops to 
51. This was mainly due to the increasing number of ISPs and dialup users, 
and it was the start of demise for the BBS/FidoNet era of Greece. 

Around that time, Compupress' Compulink BBS evolved into a full blown, 
but tiny, ISP that provided dialup access to the Internetz while at the 
same time maintaining its BBS service. In 1995-97 the Greek underground 
was heavily involved in hacking Compulink and its BBS services; there 
were a lot of incidents and even formal complaints. The fights between 
Compulink' s administrators and well-known members of the underground are 
almost legendary. This era saw the founding of several hacker (with and 
without quotes) groups, and is considered by many as the birthplace of 
the Greek scene. 

At this point we should mention that Compupress was the publisher of Pixel, 
a very famous and influential magazine for personal computers. Pixel first 
appeared in 1983 and usually included type-in programs as code listings! In 
1987, Pixel published the details for one of the oldest virii written by a 
Greek guy [PIX]. The virus was randomly displaying the message "Program 
sick error. Call doctor or buy Pixel for cure description". Leet or what? 

In the following years, more companies entered the Internet market and 
Internet access started to spread. Early ISPs were just charging a yearly 
fee for dial-up access, and each phone call to them costed a small one-time 
amount (~20 drachmas). These led to a lot of people downloading warez off 
Usenet, idling on the Greek IRC network (GRNET) and wardialing. The suits 
of the ISPs and the phone company (OTE) saw that as a cash cow to milk, 
reacted quickly and established time-based charging (security counter 
measures? :p). That's the point it started to become expensive for 
end-users to access the Internet. 

This period saw the emergence of a lot of "hacker" groups. This time the 
quotes are necessary, however there were noteworthy exceptions. Most of 
these groups focused on attacking the ISPs of the time. In one specific 
incident, the ISP Hellas On-Line (HOL) was hacked and its main password 
file was stolen and exchanged in the underground. In order to cover the 
breach and cause confusion, HOL is rumored to have started distributing a 
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fake password file among the underground. What needs to be highlighted is 
that this was one of the first 'dirty or at least "less than sincere" 
incident response tactics' used by companies as they started to become 
targets to attacks. 

At this time most of the serious hackers were mainly individuals, sometimes 
organized in anarchy groups that used to have fun breaking things, both 
metaphorically and literally :) Some day in 1995, #grhack (!= grhack.net) 
gets established in undernet. #grhack was an IRC room where several skilled 
people used to hang out and exchange information. #grhack is still so 
respected among the Greek hackers that several lame Greek cockroaches try 
to convince one another that they were supposedly active back in the day 
(fuck off, you know who you are). It was in #grhack that the term "GHS" 
(Greek Hackers Society - "S" for "Society" and *not* "Scene") first 
appeared. GHS was exactly what the initials described, a community that 
consisted of people with respectable and notable skill set and state of 
mind, people that actually *hacked* (as opposed to the ones whose knowledge 
is limited to merely running sqlmap and other canned tools). 

Additionally, members of #grhack were also the creators of hack.gr and 
grhack.gr [GGR], two old school sites representing the state of the 
scene at the time. It's interesting to note that the hack.gr user pages 
are still up and running at [HGR] (most people listed there are/were 
respectable, however some idiots also managed to get there). Also, 
grhack.gr is still maintained by one of the guys (greets and respect)! 

Of particular mention was a group of hackers situated mainly (but not 
strictly) at the city of Patras and associated with hack.gr. They had 
advanced skills, anarchist ideologies, and weird links with mind-expanding 
experiences (LSD? Who knows... ;). It is clear that their mentality had a 
lot to do with their deep education and love of reading (outside technology 
as well). A couple of them even transcended the borders of Greece and 
became members of the famous hacking group ADM. Their work was and still is 
inspirational to a lot of us. It is also worth noting that apart from ADM, 
members of the Greek underground have participated in or have been founders 
of other famous hacking groups or communities such as w00w00, 
ElectronicSouls, el8, 9x, POTS and probably others. 

1996-1999 was a high time for the Greek computer underground related 
press (the traditional mainstream computer press was dominated by the 
RAM magazine). Several publications surfaced, "Laspi", "The Hack.gr 
Gazette" and many more. Their focus was primarily on the freedom of 
speech/information. Some of them were humorous, while others used caustic 
words to describe, according to the authors, unethical acts of people 
who got famous by abusing the term "hacking". For example, "Ypokosmos tou 
Internet" [IUW] (Internet Underworld) was one of the most famous zines, 
kinda like el8, ZF0 etc ;). Internet Underworld focused on exposing 
the security and privacy related blunders of ISPs and other poorly 
maintained organizations/companies without however publishing private 
data online. It was created in response to the "Kosmos tou Internet" 
(Internet World), a traditional press magazine. The Internet Underworld 
zine was shut down by OTE officials who threatened(P) VRnet (their hosting 
provider) with disconnection. The interested reader can find more details 
at [ISE ] and [TEL], two articles that give more information on the 
publications of the time (unfortunately they are in Greek but Google 
Translate is your friend). 

In 2001 the first Greek "con" took place in Athens. It was called "HOUMF! 
Con version 0.0" (Hacking Organisation of Unix Mother Fuckers [HMN]) and it 
brought together people from the Greek underground with interests in 
security and hacking [HMF]. Since it was only a "demo" (hence the 0.0 
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version number : ) of a full conference., there were only three talks given 
[HMT] . However it was considered a huge success since there were about 
150 participants, an impressive number if you consider the size of the 
Greece scene at that (and this really) time. By the end of December 2000, 
more than 100 people had expressed their interest to attend it! 

HOUMF vl.0 was scheduled for the April of 2002. Due to the media 
going berserk on a new disease spread at the time, the organizers were 
unable to find a room to host the meeting. Preparations ended abnormally, 
disappointing a lot of people who would love to attend. It was then when 
most Greeks did what they knew best; Troll and flame the organizers for 
no obvious reason. The truth is that there hasn't been any attempt for 
another underground con in Greece since then. Crappy remarks from worthless 
people aside, the truth is, if anyone was better at organizing an 
underground con of this magnitude, they'd just be doing it already. 

Around 2000-2001 two more groups appeared in the scene, USF (United 
Security Force) and UHAGr (United Hackers' Association of Greece). Both 
were quite active in efnet and undernet, so, several people may recall 
their names as well as both good and bad memories along with them. It's 
quite notable that there was an interesting hatred among the members 
of the two teams, maybe mostly because of personal differences, but 
looking back in time one can only see the fun part of it. USF and UHAGr 
both had their own websites; www.infected.gr [INF] and www. uhagr .org 
[UHA] respectively, where one could see a bunch of releases (papers, 
codes etc.) as well as funny material, pics from meetings and so on. As 
far as we know, members of the two teams used to meet in real life in 
Thessaloniki and Athens in order to have fun and break things. 

In 2003-2004, r00thell came into existence. r00thell wasn't a team in the 
strict sense, it was an active think-tank of 5-6 people mostly interested 
in exchanging techniques and ideas. One of the most funny things about 
r00thell was their members' interest to explore exotic architectures 
which eventually led to a development of a whole heterogeneous network 
that these guys had access to (AIX, SunOS, HP-UX, etc.). If r00thell had a 
leader that would be the webmaster of kizoku.r00thell.org, a security 
portal were one could find interesting texts and several resources. A very 
interesting 'about' page can be found at [R00], titles of some texts at 
[R0T] and some projects they used to work on at [ROP]. 

The same (more or less) people that spawned r00thell, were the 
creators of other communities as well. Ono-sentai [ONO] was such an 
example. Ono-sentai was born some time around 2001-2002 and it seems 
like the members had really fun times. It's unfortunate that the site 
is written in greeklish; we wish everyone was able to read the sections 
'about' and 'kotsanes'! Nevertheless, the website features technical 
content that may be in value even nowadays (wardialing results, local root 
exploits, papers and other resources which are worth studying). Apart from 
the technical content, ono-sentai became very famous for the detailed 
treatise on the non-existence of Santa-Clause (!) which you can find at 
[ONS]. We'd love to see an English version of this text; maybe we will 
some day convince the guy who wrote it to do a proper translation :p 
For now, you can try Google Translate on it :p 

It has always been believed that many members of the Greek underground 
struggle to mimic the behavior of certain USA groups/communities. We 
believe this is not an issue specific to our local scene and it's not 
bad either, at least not by default ;). In the past, several people have 
tried to follow the principles of pr0j3ct m4yh3m but most of them have 
failed miserably. Back in 2001, a zine called 'keyhole' started to 
circulate in the underground. 'Keyhole' was a zine like el8, h0no etc but 
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only made it to the first issue ;) The zine's authors , calling themselves 
'OSS' (Open Secret Society) , pretended to be anonymous hackers that exposed 
people for fun; A few days later , their identities became known. Most 
people agreed that 'keyhole' was a bad move; as far as we know, no one 
of the guys being flamed in the zine had hurt the authors. 

'Keyhole' was immediately considered an unjustifiable show-off that 
displeased several members of the Greek underground. It later became 
obvious that a group of people., named 'CUT' (Ch0wn Unix Terrorists) 

[CUT] , were displeased the most; after managing to identify the 'keyhole' 
authors, CUT broke into their servers, sniffed mails, IRC logs and other 
funny material and eventually published a zine called 'asshole' which 
was considered a reply to 'keyhole' (hence the name). An interesting 
manifesto [CMN] was also sent to a famous Greek security portal. Although 
we believe that publishing sensitive private information is unethical, 
'asshole' showed the 'keyhole' authors what it feels like to have your ass 
exposed. In the manifesto, the authors of 'asshole' reacted to all that 
'whitehat vs. blackhat' bullshit that had started to affect the Greek 
communities. 

Since that time, more zines have emerged in our local communities 
usually targeting individuals. Our advice: If you don't like someone, 
just ignore them :) 

To our knowledge, the first arrest in Greece related to computer crime law 
took place in the September of 2000. It was a surprising and unprecedented 
move made by the Greek authorities, since prior to this incident there had 
been only warnings(P) so to say from law enforcement just to scare people 
off. The CCU (Computer Crime Unit) managed to locate and arrest a student 
of the Engineering School of Xanthi, who was later charged for causing 
damage to a very famous Greek ISP. Before this very first arrest, most 
people in the local hacking communities ignored the presence of 
intelligence agencies, but this unfortunate event signaled a new era of the 
Greek underground; an era characterized by an inherent suspicion in members 
of the underground that even their closest friends could be members of 
intelligence agencies. Unfortunately, this is a delicate issue which we 
wouldn't like to discuss further. Many people seem to be involved and we 
wouldn't like to hurt anyone. 

Last but not least, here's a list of other communities that were (or 
maybe still are) active within the Greek underground: 

1. System Halted 

2. Ethnic/nationalistic groups (which shall remain unnamed). 



[ Demoscene 

The demoscene has always been an integral part of the computer underground. 
A lot of people believe it may be its pure heart nowadays that so many 
things in rest of the underground scene seem to be corrupted and rotten. 

This part of the phile concerns the past of the PC demoscene in Greece. 

That is not to say that the greek demoscene has been PC-only. Sceners from 
such platforms as the Amiga, Atari, CPC, C64 and Spectrum have been part of 
its mosaik. We, however, are going to focus on the PC-specific demoscene. 

In the introduction we stressed the fact that we wouldn't like to refer 
to particular nicknames of the Greek scene. Nevertheless, the demosceners 
had no problem having their nicknames revealed, so, we thought it would 
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be nice to give credit where credit is due ;) 

As in most cases, one would expect the PC demoscene to have originated 
from big cities like Athens or Thessaloniki (where over 50% of the 
country's population is located), but surprisingly that was not the case. 
The story goes back to 1992 in the town of Katerini, where a group called 
ASD (Andromeda Software Development) was formed, and started uploading 
small productions to COSMOS BBS, a local Bulletin Board System. The group 
in the beginning consisted of Navis and Incus, creating PC utilities, but 
later Amoivikos joined them, and as a team decided to turn into graphics 
programming. Although Navis had previously coded various effects in C64 and 
PC, Cdemo5 should be considered the group's first demo. 

Meanwhile, three university students in Athens (Laertis, Dorge and 
Zeleps), decided to put a group together called Nemesis, but only released 
one single production in 1994 called spdemo which was an advertisement 
for a local BBS called Spectrum. It was quite a big thing when Megaverse 
BBS came online in the city of Patras around 1993. It functioned as a 
local demo repository, copying demos directly from Future Crew's own 
Starport BBS in Helsinki and distributing them locally. Dgt, the owner 
of Megaverse, along with erne, fm, gotcha and nEC, most of them users of a 
local BBS called Optibase, formed a group called dEUS which was destined 
to play a big part in the Greek PC demoscene. moT, the group's musician, 
was finally added to the group, which led to the release of their first 
production called Anodyne on the 5th of Duly 1994. dEUS was the first 
group in Greece to incorporate some kind of design in their demos and 
the first to submit a production, a 64k intro, to the Assembly Demoparty 
in Finland, although they never got past the preselection round. More 
importantly though, they were the first group to organize a demoparty in 

Greece. This initiative would eventually result to Patras becoming in a 

way a "capital" for the greek demoscene. The first demoparty that dEUS 
organized took place on April 28, 1995 in an abandoned bank branch in 
the center of Patras and was a big success, gathering sceners from all 
around the country. ASD won the first place in the demo competition with 
their demo "Counterfactual" , marking the beginning of their long winning 
career. The same year saw the formation of another group. Demaniacs were 

found in February of 1995 in Xanthi, by Cpc and NeeK, two students at 

the Democritus University of Thrace, who after watching Second Reality, 
decided to make something alike on their own, leading to an intro called 
"pandemonium". Later that year Theo joined them as a musician, leading 
finally to their first production with sound in March 1996. Gardening 96 
took place the following year, this time at the University of Patras' 
theater, which became the standard location for the parties that 
followed. The third and last Gardening event took place in 1997 at the 
same location. At that time, many other groups existed, notably Helix, 
Debris, Arcadia and Red Power. Little did anyone at that time know it 
would be the last of The Gardening demoparties. And suddenly, that was 
it. No demos came out for the following four years, no parties took place, 
and the scene seemed quite dead. When in the the year 2000 a LAN party, 
organized by many sceners took place in Athens, it was the closest it 
could get to a sceners' meeting. However, no productions came out of it. 

It was the following year that something significant happened. A 
demo-dedicated channel was created in GrNet, a greek IRC network, and 
gathered many of the previously scattered greek sceners as well as new 
ones. This led to an actual demoparty taking place. Digital Nexus 2001, 
which took place in Athens, and was organized by cybernoid, apomakros, 
doomguard and Abishai. ASD won the demo compo once more, presenting 
"Cadence and Cascade", the first Greek GPU-accelerated demo, which 
signaled a new era for the Greek demoscene. It is not well known though, 
that at the same party. Psyche, Raoul and zafos, three students from the 
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university of Patras., resolved to revive the Gardening demoparties that 
had taken place at their University a while ago, and to form a demo group, 
later called nlogn. The fruit of their cooperation was a new demoparty 
called ReAct, which tried to revive the Gardening atmosphere., and took 
place on the 19th of April 2002. ASD with aMUSiC, their first musician 
since the group's formation, won the demo compo with their demo "Edge of 
Forever". The Greek demoscene seemed to be entering a new era indeed. A 
few new groups appeared., such as Quadra., The Lab, Psyxes, Nasty Bugs., 
nlogn and Sense Amok and things for a while looked promising. However, 
most (if not all) of the newly formed groups never released more than a 
couple of productions, and never managed to reach the level of productions 
that were made outside of Greece. Older groups, apart from ASD, never 
managed to release any new productions. Most of them disbanded but kept 
coming to parties. ReAct took place in 2002, 2003 and 2004, and then a 
demoparty called Pixelshow, organized by gaghiel, continued this long 
running tradition of having a party in the University's theater. Pixelshow 
took place twice, in 2005 and 2007 (the 2006 event was cancelled), and was 
the last demoparty to have taken place in Greece so far. 

Some things should be added concerning ASD at this point, since their fame 
is way beyond the Greek demoscene. Although almost no Greek group ever 
achieved fame outside Greece, ASD is one of the most famous demogroups 
worldwide. They currently hold the record of scoring four times 1st place 
in the combined demo compo of the Assembly demoparty, as well as having 
received eleven scene awards (demoscene 's most prestigious award) so far. 
Their productions are marked by painstaking attention to detail, extremely 
well crafted transitions that have become their trademark, as well as a 
progressive metal soundtrack most of the times, composed by aMUSiC and 
Leviathan, the group's musicians. 



[ What's past is prologue 

Relax, take a deep breath and try to think what do you want your place to 
be in the great scope of things. The (Greek) scene will go on with or 
without you, with or without any one of us. The scene is a collective. 
Respect it and it will respect you back. Give to it and you will receive. 
Understand the true spirit of hacking and stop being a Chrysaora Sqlmapis 
[SUB]. 

In order to write this article, we contacted several people to ask for 
information. A lot of people helped not only with information, but also 
with anecdotes and even actual text. They have our respect and we thank 
them. Of particular mention are zafos/nlogn and amv/ASD. Also, we respect 
the fact that some people didn't want to share or have their stories 
made public, but nonetheless provided helpful feedback. Thank you guys 
too. 
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